CCA Pilot Crib sheet
This sheet is intended only for people who already know what they are doing!
Assumes you are going to use an in-band NAT gateway.
Make sure they have the right boxes, have tested them with the ISO file
to make sure it boots, and can run the script with dummy values,
and reboot, all without a kernel panic.
Make sure there is a design. It should include all IP addresses, default gateway, DNS - with no NAT or ACLs in the way, etc.
Make sure they know what policy they want.
If they don't know - go for critical hotfixes per OS and any AV, installed and up to date.
Make sure you know which ports are eth0 on each box (big timewaster if you get it wrong).
Script on both CAM and CAS
Make sure that the time is set accurately - date is in US format - DON'T GET IT WRONG!
Use the IP address for the self-signed cert host address.
After the script - edit /etc/hosts with the names of the CAM and CAS.
If re-running the script, it doesn't ask you to reboot, but you must.
Manage CAS in CAM
Hold your breath and cross everything.
Set up DHCP server in server using auto-generate
staff with all protocols permit all
student with some restrictions
create local users
user staff, pw staff, role staff
same for student
Create login page
User Pages under Administration - add new page, keep defaults unless you want to make it pretty/different for certain OS etc.
Require use of agent for staff role
Clean Access -> General Setup -> Agent login
choose staff - windows all and tick 'require use of agent' (can do it for OSX too if necessary)
Download first set of updates to CAM from CCO
Make sure CAM has connectivity to CCO
Clean Access -> Updates -> Settings
set it to update every 2 hours from now
click clean update and check that it downloaded successfully
Set a policy for staff
keep it simple - just for windows xp (can do others later)
must have NAV installed
must have NAV up to date
Clean Access -> Clean Access Agent -> Requirements -> new requirement
Name it Requirement_for_XPhotfixes, choose Link distribution, keep it
mandatory, url = www.windowsupdate.com (could be whatever, e.g. your own
page of instructions)
description "your system lacks critical updates, please click on the link to visit windows update", choose xp pro/home and add.
then choose requirement rules and select your rule from the drop down list.
tick pr_XP_Hotfixes and click update.
create a requirement called 'must_have_NAV_running', make it a link distribution, or a file distribution if you have access to a file
Description (check whether name or description comes on the screen):
'you don't have NAV running, enable it or click here to download' sort
of thing - again XP pro/home (some rules don't work for XP (all))
in requirement rules pick pr_symantec_norton_application (looks for running program)
create a requirement called 'must have uptodate norton' and make it an
av-definition update (different procedure to other rule types), pick xp
pro/home as the OS and make the name and description make sense.
If you need to test for an AV or AS that there isn't a pr_ rule for,
you need to create a rule before you create the requirement.
This isn't as scary as it sounds (honest)
To check for any valid AV you need to create two rules
Rules -> new AV rule
do one for installation - tick the installation box (only choice) and 'add rule'
then do one for updates "Virus Definition".
(you could pick a single vendor if you wanted to and get cute with specific versions etc.)
make a link distribution requirement sending them to a web page of your
choice if they have no AV. Create a requirement rule that picks up your
any AV rule.
make an av-definition requirement and create a requirement rule picking up your virus def rule.
I've just tested this and the any rule quite nicely spotted I had AVG,
but it was out of date, and triggered it to run an update.